From 0983e9afcb842ff7f5dc5cdd9d6c3a884c1c91f0 Mon Sep 17 00:00:00 2001
From: ryan
Date: Wed, 16 May 2012 18:06:34 +0000
Subject: [PATCH] Fix wp.getPages response when fetching pages the current user does not have caps for. Props maxcutler, redsweater. fixes #20629
git-svn-id: http://core.svn.wordpress.org/trunk@20807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-xmlrpc-server.php | 140 +++++++++++++------------
 1 file changed, 75 insertions(+), 65 deletions(-)
diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index 99feb8e92c..1a4d1ca312 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -753,6 +753,77 @@ class wp_xmlrpc_server extends IXR_Server {
 return apply_filters( 'xmlrpc_prepare_media_item', $_media_item, $media_item, $thumbnail_size );
 }
+ /**
+ * Prepares page data for return in an XML-RPC object.
+ *
+ * @access protected
+ *
+ * @param object $page The unprepared page data
+ * @return array The prepared page data
+ */
+ protected function _prepare_page( $page ) {
+ // Get all of the page content and link.
+ $full_page = get_extended( $page->post_content );
+ $link = post_permalink( $page->ID );
+
+ // Get info the page parent if there is one.
+ $parent_title = "";
+ if ( ! empty( $page->post_parent ) ) {
+ $parent = get_page( $page->post_parent );
+ $parent_title = $parent->post_title;
+ }
+
+ // Determine comment and ping settings.
+ $allow_comments = comments_open( $page->ID ) ? 1 : 0;
+ $allow_pings = pings_open( $page->ID ) ? 1 : 0;
+
+ // Format page date.
+ $page_date = $this->_convert_date( $page->post_date );
+ $page_date_gmt = $this->_convert_date_gmt( $page->post_date_gmt, $page->post_date );
+
+ // Pull the categories info together.
+ $categories = array();
+ foreach ( wp_get_post_categories( $page->ID ) as $cat_id ) {
+ $categories[] = get_cat_name( $cat_id );
+ }
+
+ // Get the author info.
+ $author = get_userdata( $page->post_author );
+
+ $page_template = get_page_template_slug( $page->ID );
+ if ( empty( $page_template ) )
+ $page_template = 'default';
+
+ $_page = array(
+ 'dateCreated' => $page_date,
+ 'userid' => $page->post_author,
+ 'page_id' => $page->ID,
+ 'page_status' => $page->post_status,
+ 'description' => $full_page['main'],
+ 'title' => $page->post_title,
+ 'link' => $link,
+ 'permaLink' => $link,
+ 'categories' => $categories,
+ 'excerpt' => $page->post_excerpt,
+ 'text_more' => $full_page['extended'],
+ 'mt_allow_comments' => $allow_comments,
+ 'mt_allow_pings' => $allow_pings,
+ 'wp_slug' => $page->post_name,
+ 'wp_password' => $page->post_password,
+ 'wp_author' => $author->display_name,
+ 'wp_page_parent_id' => $page->post_parent,
+ 'wp_page_parent_title' => $parent_title,
+ 'wp_page_order' => $page->menu_order,
+ 'wp_author_id' => (string) $author->ID,
+ 'wp_author_display_name' => $author->display_name,
+ 'date_created_gmt' => $page_date_gmt,
+ 'custom_fields' => $this->get_custom_fields( $page->ID ),
+ 'wp_page_template' => $page_template
+ );
+
+ return apply_filters( 'xmlrpc_prepare_page', $_page, $page );
+ }
+
 /**
 * Create a new post for any registered post type.
 *
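Review bot: `_prepare_page()` dereferences `$author` and `$parent` without checking that the lookups succeeded: `get_userdata()` returns false for a user that no longer exists and `get_page()` can return null, so `$author->display_name`, `$author->ID` and `$parent->post_title` would raise notices on a page whose author or parent has been deleted. Since wp.getPages now calls this helper in a loop, one such page affects the whole list response; guarding with `$parent_title = $parent ? $parent->post_title : '';` and an equivalent fallback for the three author fields would avoid that. The helper also returns `wp_password` and `custom_fields` with no capability check of its own, so the docblock should state the contract, e.g. `* Callers must verify the current user can edit the page before calling this.`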
@@ -1833,66 +1904,7 @@ class wp_xmlrpc_server extends IXR_Server {
 // If we found the page then format the data.
 if ( $page->ID && ($page->post_type == 'page') ) {
- // Get all of the page content and link.
- $full_page = get_extended($page->post_content);
- $link = post_permalink($page->ID);
-
- // Get info the page parent if there is one.
- $parent_title = "";
- if ( !empty($page->post_parent) ) {
- $parent = get_page($page->post_parent);
- $parent_title = $parent->post_title;
- }
-
- // Determine comment and ping settings.
- $allow_comments = comments_open($page->ID) ? 1 : 0;
- $allow_pings = pings_open($page->ID) ? 1 : 0;
-
- // Format page date.
- $page_date = $this->_convert_date( $page->post_date );
- $page_date_gmt = $this->_convert_date_gmt( $page->post_date_gmt, $page->post_date );
-
- // Pull the categories info together.
- $categories = array();
- foreach ( wp_get_post_categories($page->ID) as $cat_id ) {
- $categories[] = get_cat_name($cat_id);
- }
-
- // Get the author info.
- $author = get_userdata($page->post_author);
-
- $page_template = get_page_template_slug( $page->ID );
- if ( empty( $page_template ) )
- $page_template = 'default';
-
- $page_struct = array(
- 'dateCreated' => $page_date,
- 'userid' => $page->post_author,
- 'page_id' => $page->ID,
- 'page_status' => $page->post_status,
- 'description' => $full_page['main'],
- 'title' => $page->post_title,
- 'link' => $link,
- 'permaLink' => $link,
- 'categories' => $categories,
- 'excerpt' => $page->post_excerpt,
- 'text_more' => $full_page['extended'],
- 'mt_allow_comments' => $allow_comments,
- 'mt_allow_pings' => $allow_pings,
- 'wp_slug' => $page->post_name,
- 'wp_password' => $page->post_password,
- 'wp_author' => $author->display_name,
- 'wp_page_parent_id' => $page->post_parent,
- 'wp_page_parent_title' => $parent_title,
- 'wp_page_order' => $page->menu_order,
- 'wp_author_id' => (string) $author->ID,
- 'wp_author_display_name' => $author->display_name,
- 'date_created_gmt' => $page_date_gmt,
- 'custom_fields' => $this->get_custom_fields($page_id),
- 'wp_page_template' => $page_template
- );
-
- return($page_struct);
+ return $this->_prepare_page( $page );
 }
 // If the page doesn't exist indicate that.
 else {
@@ -1935,11 +1947,9 @@ class wp_xmlrpc_server extends IXR_Server {
 if ( $num_pages >= 1 ) {
 $pages_struct = array();
- for ( $i = 0; $i < $num_pages; $i++ ) {
- $page = wp_xmlrpc_server::wp_getPage(array(
- $blog_id, $pages[$i]->ID, $username, $password
- ));
- $pages_struct[] = $page;
+ foreach ($pages as $page) {
+ if ( current_user_can( 'edit_page', $page->ID ) )
+ $pages_struct[] = $this->_prepare_page( $page );
 }
 return($pages_struct);
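Review bot: In the wp.getPages hunk (`@@ -1935,11 +1947,9 @@`), the `current_user_can( 'edit_page', $page->ID )` test is the per-page authorization gate, yet it is written as a braceless `if` with a single-statement body, so a statement added to the loop later would silently run outside the check. I would brace it, `if ( current_user_can( 'edit_page', $page->ID ) ) {` … `}`, and match the file's spacing with `foreach ( $pages as $page ) {`. Because the filtering happens after `$pages` was fetched (outside this hunk), this branch can now return fewer entries than `$num_pages`, or an empty array; a short comment such as `// Pages the user cannot edit are skipped, so the result may be shorter than requested.` would record that this is intended. The enclosing method starts and ends outside the hunk.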